Skip to main content

No Ransomware? Your Data Could Still Be At Risk

Over the course of 2017, businesses were on high alert for ransomware, a form of malware that steals files and demands funds in exchange for their return. But just as IT teams and staff were getting a handle on ransomware, the threat began to dissipate. In 2018, the major threat to business security took a turn. Enter: crypto mining.

 

What Is Crypto Mining?

 

Though crypto mining is another manifestation of malware, from a security standpoint it helps to understand its purpose and why this particular mode of infection is on the rise. In essence, companies that issue cryptocurrencies like Bitcoin, Ethereum, and Verge need to validate their deeply encrypted transactions. To do this, they “mine” or harness CPU power from vulnerable systems and consequently slow down your devices.

 

Mining Prevention 101

 

Miners can latch onto your company’s computer systems in several ways. One of the most common ways they get in, though, is via BYOD-based leaks. Since most home-users lack robust security systems, allowing employees to use personal devices at work can leave your whole system vulnerable. One false move and your whole company will be deep in the digital mines.

 

To prevent crypto mining, your company should block access to crypto mining pools. Here’s a list of mining pool domains and IP addresses your firewall can use as a blacklist. You should also be using a security system that scans for this kind of malware so that any stray mining activities can be promptly shut down.

 

Spotting The Sources

 

Besides installing appropriate security protocols, your company’s best defense against crypto mining is knowing where these attacks stem from.

 

One of the earliest major crypto mining attacks, launched in May 2017, is powered by the same software as the WannaCry attacks, known as EternalBlue. This particular attack releases a botnet into vulnerable machines to turn them into mining operations. At its peak, there were over half a million infected computers mining the Monero cryptocurrency. Businesses are a favored point of attack because the botnet targets servers rather than individual computers. After all, you turn your computers off, which turns off mining. You don’t turn off your server.

 

Advertisements are another key source of crypto mining attacks, and a particularly insidious one. In late January 2018, for example, crypto mining infected some double-click advertisements via Google’s ad network. These ads are supposed to be revenue generators for businesses, but instead they were hijacked as entry routes into end-user’s computer systems.

 

Ads are such excellent vectors for crypt mining that Salon.com is actually testing them out as a monetization strategy to undercut ad-blocking software. Though at least Salon is being transparent about their intention to turn computers into crypto mining operations – and staff definitely shouldn’t use the site at work – it should make security officers wonder how many other outlets are secretly monetizing your company’s system.

 

What’s The Risk?

 

Though crypto mining ostensibly just unauthorized use of computer power, its security risks are serious. First, because the goal of crypto mining is to operate covertly in the background of traditional operations, you run a very immediate risk of transmitting the associated malware to customers and business partners.

 

In addition to stealing your productivity power by using your server, the very presence of crypto mining means someone is playing around in your files. They may not be explicitly interested in your data, but that doesn’t mean they’ll leave it all untouched. Prior forms of ransomware scrambled files and inserted more malicious attacks. Evolving crypto mining forms could combine the two to take over greater amounts of CPU power by denying your business access to its own server.

 

Crypto mining as security breach is so insidious precisely because it seems harmless, but what security professionals and C-suite officers need to recognize is that system protection is at the heart of the matter. If there’s a breach for crypto mining software to get in, then there’s also an opening for other forms of malware.

The post No Ransomware? Your Data Could Still Be At Risk appeared first on Blogtrepreneur – For Busy Entrepreneurs.

from: Blogtrepreneur – For Busy Entrepreneurs
via Blogtrepreneur

Source: No Ransomware? Your Data Could Still Be At Risk Via Business Advice.

Comments

Post a Comment

Popular posts from this blog

7 Ways to Grow Your SaaS Startup Faster

Every startup looks for ways to catapult a business to success. Here are some tips for accelerating growth for SaaS (software as a service) companies. 1. Start charging early SaaS startups are often hesitant about charging customers. They think that their product is not yet ready, that it’s necessary to get traction and focus on expanding their customer base rather than on growing revenue. Deep inside, however, they often don’t just have enough faith in their product and are not sure if someone will buy it at all. They prefer keeping hundreds or thousands of free users to attempting to win a few serious customers. Big numbers are comforting but the product remains an unverified idea. Building a product should imply increasing revenue. So don’t hesitate too much—put it to the test by charging and see if it works in the real conditions. This is one way to minimize your risk too. Instead of waiting to launch until you’ve invested huge amounts of time and money, launch early. If...
Post a Comment
Read more

How to Add Web Push Notification to Your WordPress Site

Do you want to add push notifications to your WordPress site? Push notifications allow you to send notifications to users even when they are not visiting your website. In this article, we will show you how to easily add web push notifications to your WordPress site. We will also talk about the best WordPress push notification plugins and how to send desktop & mobile push notifications from your WordPress site. What is Push Notification? Push notifications are clickable messages displayed on top of user’s desktop or notification area on their mobile device. They can be shown even when the user’s browser is not open. Aside from desktop, web push notifications also work on mobile devices. This allows you to reach your users across devices with latest updates and offers. Web push notifications have proven to be a very effective way to convert website visitors into customers and loyal followers. Why Add Web Push Notifications to Your WordPress Site? We have already discussed tha...
Post a Comment
Read more

7 Best WordPress Job Board Plugins and Themes

Are you looking for the best WordPress job board plugin? There are several WordPress job board plugins that you can use to easily create a job board and charge other companies to post jobs. It is one of the ways to make money from your blog , and you can even use it to post your own job openings. In this article, we have picked the best WordPress job board plugins and themes that you can use. Building a Job Board Website with WordPress WordPress is currently one of the most popular website builders in the market, powering more than 30% of all websites on the internet. It can be used to build almost any kind of website including a job board website. There are two types of WordPress websites which often confuses new users. First, there is WordPress.com which is a hosted solution. Second, you have WordPress.org also called self-hosted WordPress. See our article on WordPress.com vs WordPress.org for a side-by-side comparison. We recommend using self-hosted WordPress.org because it g...
Post a Comment
Read more